# This is a configuration for the sigul bridge.
#
[bridge]
# Nickname of the bridge's certificate in the NSS database specified below
{% if env == "staging" %}
bridge-cert-nickname: sigul-bridge-cert
{% elif inventory_hostname.startswith('sign') %}
bridge-cert-nickname: sign-bridge1 - Fedora Project
{% else %}
bridge-cert-nickname: secondary-signer - Fedora Project
{% endif %}

# Maximum accepted total size of all RPM payloads stored on disk for one request
max-rpms-payload-size: 70737418240
# Port on which the bridge expects client connections
client-listen-port: 44334
# Port on which the bridge expects server connections
server-listen-port: 44333
# A Fedora account system group required for access to the signing server.  If
# empty, no Fedora account check is done.
{% if env == "production" %}
required-fas-group: signers
# User name and password for an account on the Fedora account system that can
# be used to verify group memberships
fas-user-name: {{ fedoraDummyUser }}
fas-password: {{ fedoraDummyUserPassword }}
{% endif %}

[koji]
{% if inventory_hostname.startswith('sign') %}
koji-instances: primary
koji-config-primary: /etc/koji-primary.conf
koji-config: /etc/koji-primary.conf
{% else %}
koji-instances: ppc s390 arm
koji-config-ppc: /etc/koji-ppc.conf
koji-config-s390: /etc/koji-s390.conf
koji-config-arm: /etc/koji-arm.conf
{% endif %}

[daemon]
# The user to run as
unix-user: sigul
# The group to run as
unix-group: sigul

[nss]
# Path to a directory containing a NSS database
nss-dir: /var/lib/sigul
# Password for accessing the NSS database.  If not specified, the bridge will
# ask on startup
# Currently no password is used
nss-password:
# Minimum and maximum versions of TLS used
nss-min-tls: tls1.2
nss-max-tls: tls1.2
